Subscribe to our Threatpost Today newsletter

Join thousands of people who receive the latest breaking cybersecurity news every day.

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

*

*

I agree to my personal data being stored and used to receive the newsletter

*

I agree to accept information and occasional commercial offers from Threatpost partners

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

seguridad Internet

Adobe has moved up the release date for the patch for the critical bug in Adobe Flash Player revealed last week, and now plans to have a fix ready on Thursday. The company still plans to patch Reader two weeks from now.

The European agency responsible for protecting the critical infrastructure of EU countries is warning its member states that the Stuxnet attack represents a major change in the malware landscape and that they should be prepared for further attacks with the same level of sophistication and professionalism.

In the face of continued attacks targeting its hugely popular Gmail service, Google has put together a checklist to help Gmail users better secure their accounts by looking at the settings in their inboxes, their browsers and their PCs. The security guide doesn’t automate any of these tasks for users, but instead gives them a guide comprising 18 steps to help lock down their Gmail inboxes.

Researchers have discovered that a page on the My Opera community Web site is hosting malware related to an IRC botnet. The discovery comes just a couple of weeks after malicious code also was found on Google Code servers.

Although Adobe doesn’t have a patch ready yet for the newly disclosed vulnerability in the company’s Reader application, Adobe and Microsoft security officials said that Microsoft’s recently released Enhanced Mitigation Environment Toolkit 2.0 can protect users against the exploit that is currently circulating.

A day after Microsoft released information on the remotely exploitable DLL-hijacking vulnerability that affects dozens of Windows applications, researchers are starting to discover exactly which pieces of software are vulnerable. The list so far includes PowerPoint, Wireshark and some applications that are included by default with Windows Vista, and possibly Windows 7.

As mobile devices such as iPhones, BlackBerrys, Android phones and others have become more sophisticated and easy to use, many users have made them their main computing and Web-browsing devices. And that evolution naturally has caught the attention of attackers who have begun tailoring more and more of their attacks at these mobile platforms.

A Web site set up to help iPhone users jailbreak their devices is using a flaw in the way that the iPhone handles PDF files to escape the phone’s sandbox security function and enable users to load applications that aren’t in Apple’s official App Store. The same flaw could easily be used to install malicious software in drive-by download attacks, experts say.

LAS VEGAS–Security technology and practice have advanced quite a bit in the past few years, but one thing that has become clear is that whatever gains have been made are just not keeping pace with the innovation of attackers. The advances being made by malware authors and crimeware gangs are keeping them well ahead of the curve and will continue to do so for the foreseeable future, researchers say.

Authors

Threatpost

InfoSec Insider Post

InfoSec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Sponsored

Sponsored Post

Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.